To increase security it would be beneficial to have an expiry setting for API Keys, so they can have a limited timespan. An implementation reference could be GitHub Personal Access tokens, as those can be set to expire in 7, 30, 60, ... days. Having an option for "does not expire" would still be needed.

Among many useful scenarios, one I think is particularly important is the ability to create limited lifespan API keys for use with the CLI, so that non-expiring API Key are not sitting around indefinitely in local machine files.